New vulnerability affects over 600 million Samsung smartphones

U.S. mobile phone security firm NowSecure is reporting that over 600 million Samsung-built smartphones are prone to hijacking due to a wide-spread vulnerability.

U.S. mobile phone security firm NowSecure is reporting that over 600 million Samsung-built smartphones are prone to hijacking due to a wide-spread vulnerability.

The risk stems from Samsung's pre-installed keyboard, SwiftKey, which updates itself over the internet without using encryption. If a wireless network has been tampered with, this could allow an attacker to remotely install code onto the handset. By doing so, the attacker could access phone sensors such as the GPS, camera and microphone, install malicious apps, eavesdrop on calls, and access personal data such as pictures and text messages.

However, attackers are only able to exploit this vulnerability via a local wireless connection, greatly reducing the risk for users who do not connect their phone to public or insecure networks.

NowSecure says it notified Samsung of the vulnerability at the end of 2014, but many devices have yet to be updated with a security patch that fixes this flaw. The Galaxy S6, Galaxy S5, Galaxy S4 and Galaxy S4 Mini are all known to be impacted, but NowSecure claims the flaw could extended to other Samsung handsets.

Since the keyboard app cannot be uninstalled, NowSecure advises Samsung smartphone owners avoid connecting to insecure wireless networks.